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WHAT IS CLAIMED IS: 




1. A secure telecommunications system comprising: 



a network on which traffic travels; 



a switch I connected to the network; 
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a first inspection engine connected to the switch, which 
receives traffic from the switch, processes the traffic to 
determine whether itl is desired traffic or undesired traffic, which 
prevents undesired traffic from passing through it and which sends 
desired traffic backl to the switch; 



a second inspection engine connected to the switch, which 
receives traffic frpm the switch, processes the traffic to 
determine whether it is desired traffic or undesired traffic, which 
prevents undesired traffic from passing through it and which sends 
desired traffic back to the switch; 



a first destination connected to the switch which 
receives desired traf f die from the switch that has been processed by 
the first inspection engine; and 



a second destination connected to the switch which 
receives desired traffic from the switch that has been processed by 
the second inspection engine. 



-25- 



2 . A syBtem as described in Claim 1 wherein the first 
inspection engine ilncludes a first firewall processing engine and 
the second inspection engine includes a second firewall processing 
engine . 



3 . A system as described in Claim 2 wherein the switch 
has a first port anq a second port connected to the network which 
receives traffic frdm the network, said switch directing traffic 
received at the first! port to the first firewall processing engine 
and directing traffic received at the second port to the second 
firewall processing eingine. 
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4 . A system as described in Claim 3 including N 
additional firewall processing engines connected to the switch 
besides the first firewall processing engine and the second 
firewall processing ehgine so there are a total of N+2 firewall 
processing engines, wh^re N is greater than or equal to 1 and is an 
integer . 



5 . A system 
has N additional ports 
wherein each port is 
processing engine. 



as described in Claim 4 wherein the switch 
(besides the first port and the second port, 
connected to a corresponding firewall 



6. A system as described in Claim 5 wherein the switch 
is configured into security groups with at least one of the N+2 
firewall processing engines serving each security group. 



-26- 



A system as described in Claim 6 wherein the switch 
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load- shares traffic 
firewall processing 
group . 

8 . A syst 
rebalances traffic 
processing engines 
other firewall proce 



::or each security group across corresponding 
engines serving the corresponding security 



5m as described in Claim 7 wherein the switch 
or a security group when one of the firewall 
fjerving the security group fails across the 
£!sing engines serving the security group. 



9 . A syst 
is scalable to allow 



elm as described in Claim 8 wherein the switch 
or adding firewall processing engines. 



10 . A syst 
includes bits and whe 
a first security grou 
1 Gbps of traffic. 



as described in Claim 9 wherein the traffic 
::ein the firewall processing engines serving 
of the security groups encrypt greater than 



11. A 
network includes the 
a first web server and 
server . 



system 



as described in Claim 10 wherein the 
Ibternet, and the first destination includes 
the second destination includes a second web 



12 . A sys 
Internet includes a LAn 



:em as described in Claim 11 wherein the 



13. A metnod for sending traffic over a secure 
telecommunications system comprising the steps of: 



receiving traf f 
the network; 



directing traf 
to the switch and to a s 
switch; 

receiving traf 



ic to a first inspection engine connected 
2Cond inspection engine connected to the 



processing tra 
engine to determine whethe 
traffic ; 



ic from a network at a switch connected to 



ic at the first inspection engine; 



;:fic received at the first inspection 
r it is desired traffic or undesired 



sending the desired traffic back to the switch from the 
first inspection engine a:"id discarding undesired traffic from the 
first inspection engine; 



transferring des 
the first inspection engirie 



ired traffic received by the switch from 
to a first destination; 



processing traf 
engine to determine 
traffic; 



whether 



lie received at the second inspection 
it is desired traffic or undesired 
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send:mg the desired traffic back to the switch from the 
second inspection engine and discarding undesired traffic from the 
second inspectiom engine; and 

transferring desired traffic received by the switch from 
the second inspection engine to a second destination. 
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14. A method as described in Claim 13 wherein the first 
and second inspectilon engines include a first firewall processing 
engine and a second\ firewall processing engine, respectively, and 
wherein the directing traffic step includes the step of directing 
traffic to the first If irewall processing engine and second firewall 
processing engine andi to a third firewall processing engine and a 
forth firewall processing engine. 

15. A methofl as described in Claim 14 wherein the switch 
is configured into a first security group and a second security 
group, and the receiving step includes the step of receiving 
traffic at the first security group. 



16. A method as described in Claim 15 wherein the 
directing step includes tne step of directing the traffic from the 
first security group of tne switch to the first, third and fourth 
firewall processing engines which serve the first security group of 
the switch, and directing traffic to the second firewall processing 
engine serving the second Isecurity group of the switch. 
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17- A metriod as described in Claim 16 wherein the 
receiving step includes the step of receiving traffic from the 
first security group at: a first port of the switch and receiving 
traffic for the seconp security group at a second port of the 
switch. 



18. A metthod as described in Claim 17 wherein the 
directing the traffic from the first security group includes the 
step of load-sharinfl by the switch the traffic received by the 
first security group between the first, third and fourth firewall 
processing engines , 
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19. a/ method as described in Claim 18 wherein the 
directing the traffic from the first security group includes the 
step of rebalancing traffic from the first security group to the 
third and fourth firewall processing engines when the first 
firewall processing engine fails. 



20 



step of trans 



A method as described in Claim 19 wherein after the 



jferring traffic to the first destination, there is the 
step of con]/iecting a fifth firewall processing engine to the 
switch. 



